#!/bin/sh
# Copyright (C) 2019 Checkmk GmbH - License: GNU General Public License v2
# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
# conditions defined in the file COPYING, which is part of this source code package.

# postinst script for omd
#
# see: dh_installdeb(1)

set -e

BASE_PATH="/omd/versions/{CMK_VERSION}.{CMK_EDITION}"
CAP_PROGRAMS="bin/mkeventd_open514 lib/nagios/plugins/check_icmp lib/nagios/plugins/check_dhcp lib/cmc/icmpsender lib/cmc/icmpreceiver"
APACHE_OMD_CONF="/etc/apache2/conf.d/zzz_omd.conf"

# Source debconf library.
. /usr/share/debconf/confmodule

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

setperm() {
    local user="$1"
    local group="$2"
    local mode="$3"
    local file="$4"
    shift 4
    # only do something when no setting exists
    if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then
      chown "$user":"$group" "$file"
      chmod "$mode" "$file"
    fi
}

case "$1" in
  configure)
    ln -sfn /opt/omd /omd
    if [ ! -d /etc/bash_completion.d ]; then
        mkdir /etc/bash_completion.d
    fi
    update-alternatives --install /omd/versions/default \
       omd /omd/versions/{CMK_VERSION}.{CMK_EDITION} 38 \
       --slave /usr/bin/omd omd.bin /omd/versions/{CMK_VERSION}.{CMK_EDITION}/bin/omd \
       --slave /etc/bash_completion.d/omd omd.bash_completion /omd/versions/{CMK_VERSION}.{CMK_EDITION}/lib/omd/bash_completion \
       --slave /usr/share/man/man8/omd.8.gz omd.man8 \
               /omd/versions/{CMK_VERSION}.{CMK_EDITION}/share/man/man8/omd.8.gz

    # -- looking for group nagios, create it, if not exist
    if ! getent group omd > /dev/null ; then
      echo 'Adding system group omd' 1>&2
      addgroup --system --force-badname omd > /dev/null
    fi

    for PROGRAM in $CAP_PROGRAMS; do
      PROGRAM_PATH=$BASE_PATH/$PROGRAM
      if [ -f "$PROGRAM_PATH" ]; then
        setperm root omd 750 "$PROGRAM_PATH"

        if [ "$PROGRAM" = "lib/nagios/plugins/check_icmp" ]; then
            CAP="cap_net_raw+ep"
        elif [ "$PROGRAM" = "lib/nagios/plugins/check_dhcp" ]; then
            CAP="cap_net_raw,cap_net_bind_service=+ep"
        elif [ "$PROGRAM" = "lib/cmc/icmpsender" ]; then
            CAP="cap_net_raw+ep"
        elif [ "$PROGRAM" = "lib/cmc/icmpreceiver" ]; then
            CAP="cap_net_raw+ep"
        elif [ "$PROGRAM" = "bin/mkeventd_open514" ]; then
	    CAP="cap_net_bind_service+ep"
        fi

        # On some platforms the linux capabilities don't work as expected for different reasons.
        # Some have too old kernels or kernels without capabilities supprt. There are propably
        # other conditions, like filesystems without support for this. To keep Checkmk working
        # as before on these systems and as secure as possible on newer systems we first try to
        # set the capabilities and once that fails we fall back to setuid.
        if ! setcap "$CAP" "$PROGRAM_PATH"; then
            echo "Failed to set capabilities $CAP for $PROGRAM. Falling back to setuid."
            chmod 4750 "$PROGRAM"
        fi
      fi
    done

    db_stop
    # -- create apache config include if not exist
    if test -d /etc/apache2/conf-available; then
      # On e.g. ubuntu 13.10 conf.d is not loaded anymore, use conf-available
      APACHE_OMD_CONF="/etc/apache2/conf-available/zzz_omd.conf"
    fi

    if ! test -e $APACHE_OMD_CONF; then
      echo "Include /omd/apache/*.conf" > $APACHE_OMD_CONF
      # avoid apache error message including /omd/apache if no site exist
      touch "/omd/apache/empty.conf"

      # -- enable conf include, when available
      ! test -x /usr/sbin/a2enconf || a2enconf zzz_omd
    fi

    # -- enable apache modules
    if ! test -e /etc/apache2/mods-enabled/proxy_http.load; then
       a2enmod proxy_http	# also enables dependend modules
    fi
    if ! test -e /etc/apache2/mods-enabled/rewrite.load; then
       a2enmod rewrite
    fi

    echo "New default version is {CMK_VERSION}.{CMK_EDITION}."
    update-alternatives --set omd /omd/versions/{CMK_VERSION}.{CMK_EDITION}

    DEFAULT=/etc/default/omd

    if [ -d /run/systemd/system ]; then
        echo "Installing systemd unit: omd.service"

        # Disable startup through check-mk-[edition]-[version] related init scripts related to
        # other Checkmk versions. The startup of all sites shall be managed through the single
        # omd.service
        echo "AUTOSTART=0" >$DEFAULT

        echo "Activating startup during system boot"
        cp /omd/versions/default/share/omd/omd.service /etc/systemd/system/omd.service
        systemctl daemon-reload
        systemctl enable omd

    else
        # -- default for init
        if ! test -e $DEFAULT ; then
            echo "Activating startup during system boot"
            echo "AUTOSTART=1" > $DEFAULT
        fi
    fi

    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    exit 0
    ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
